Currently FilterSecurityInterceptor and AuthorizationFilter only perform authorization checks on the first request. Authorization should be performed on dispatch. We should make it simple to permitAll on other dispatch types for users that do not wish to do this.
NOTE: We may consider only making these changes to AuthorizationFilter rather than FilterSecurityInterceptor since we are moving towards using AuthorizationManager rather than the old authorization APIs.
Related gh-10919
Currently
FilterSecurityInterceptorandAuthorizationFilteronly perform authorization checks on the first request. Authorization should be performed on dispatch. We should make it simple to permitAll on other dispatch types for users that do not wish to do this.NOTE: We may consider only making these changes to AuthorizationFilter rather than FilterSecurityInterceptor since we are moving towards using AuthorizationManager rather than the old authorization APIs.
Related gh-10919